Tomorrow's Microsoft Internet Explorer patch
April 10 2006
Tomorrow, Microsoft will issue a software update to Internet Explorer, changing the behavior of ActiveX controls within certain web pages. Most software vendors are affected (not just IBM!). Several Domino community bloggers have picked up this issue. Rob Novak has been a rock star, championing and pushing to make sure that Domino Web Access and Quickplace issues related to this update are documented and/or addressed. Thanks, Rob, along with the Lotus team he's been working with (including one Notes Goddess).
Other bloggers with detailed information about this patch, along with links to IBM technotes and other documentation about the impact to Lotus products, are Gregg Eldred and Warren Elsmore. Both of them picked up some details from the excellent summary e-mailed out to Lotus support customers by IBM's Flemming Christensen over the weekend (thanks for this extra effort, Flemming!).
Check it out and be sure you're ready.
Key IBM technotes: Quickplace, Sametime, Domino, Domino Web Access
- 2
Carl Fink www.kullman.com | 4/10/2006 2:51:58 PM
Thanks, Ed. Knowing that in advance is a huge benefit.
- 3
Mike "5 Things Wrong with SharePoint" Drips http://forevervoyaging.blogspot.com | 4/10/2006 4:42:44 PM
This patch is yet another example of Microsoft's continuing to fail to respond rapidly to the security of their customers. The IE team simply should be fired, right on up through at least the VP level of management. When one observes that Opera has had numerous upgrades over the last five years and compares that to Microsoft supporting the same version of IE for the same period of time one has to wonder where the billions of R&D dollars are spent at Microsoft?
- 4
David Bell | 4/10/2006 7:17:48 PM
If it's being released tomorrow, how did I get it on:
Windows XP Update for Windows XP (KB912945) Tuesday, March 28, 2006 Microsoft Update
- 5
Susan Bulloch http://notesgoddess.net | 4/10/2006 7:24:27 PM
@ 4 - Hi David - KB912945 was released by Microsoft as an optional download in March, but is being bundled into the recommended (but not critical) security patch that is being released tomorrow. End users may install the security patch without realizing that the earlier patch is included. We want users to have the resources to realize what has happened should that occur.
- 6
Mike Brown | 4/11/2006 1:45:36 AM
More fool IBM for using ActiveX in the first place. They took the easy road with some products, and not only stuck themselves with problems like this, they also limited those products to IE on Windows only - at least, if you want the full functionality.
Cheers,
- Mike
- 7
Tom E | 4/11/2006 12:39:43 PM
We received an email from our Microsoft technical account manager, informing us of an "optional IE Active X Compatibility Patch", which will temporarily roll back the ActiveX changes.
However, I don't see any direct mention of this rollback on the Microsoft KnowledgeBase article on the ActiveX change.
{ Link }
- 8
Steven Joseph | 4/11/2006 2:49:43 PM
@7 It is listed in all the Lotus TNs about this issue with a link to Microsquash:
"After application of the April cumulative security update, apply the upcoming Microsoft Compatibility Patch to Internet Explorer."
{ Link }
- 9
Randall Shimizu | 4/11/2006 10:12:17 PM
I am totally amazed that so many companies are unwilling to take the simple step of migrating or stop using IE. Just this simple step will stop 60% of the Windows desktop security problems.
Another amazing fact is that Active X core technology OLE was not invented by Microsoft. In fact OLE was originated from IBM in OS/2's presentation manager. IBM holds a patent on OLE. I am surprised that IBM did not use the OLE patent as leverage against MS back in OS/2 Windows wars.
- 10
Randall Shimizu | 4/12/2006 1:03:23 AM
My advice is to simply make a clean break and dump IE. Or if your applications require, only use IE when needed.
Windows security mission impossible....??
> Mission Impossible?
> ""In some cases, there really is no way to recover
> without nuking the systems from orbit," said Mike
> Danseglio, program manager in the Security Solutions
> group at Microsoft, in a presentation at the InfoSec
> World conference here on April 3.""
>
> This just goes to show that Windows security
> problems
({ Link })
"They never really go away. It's just having to install
all those critical
> patches that slows their posting down from time to
time.
don't you mean the scheduled wipe and complete
re-install... "
--- Randall Shimizu <randall.shimizu@sbcglobal.net>
wrote:
- 11
David Bell | 4/13/2006 10:21:05 AM
@5 - Thanks for the clarification Susan.
- 12
Paul Robichaux http://www.e2ksecurity.com | 4/13/2006 10:47:44 AM
@3, @9: this isn't a security patch; it's a patent patch. See { Link } for my favorite take on it so far.


Ed:
We'd like to thank Flemming, the IBM Workplace Portal and Collaboration Software Team, as well as our LSM Chris Nowak for the extra info. This is the level of proactive support PSP customers expect from Lotus.
We started working on this potential "issue" about 6:30am this morning and once Chris provided us the detailed technotes (obviously the fruits of Rob's team (we love Susan too!)), we think we are in a pretty good position to "address" this with our 9000 Notes mail users, most of whom use DWA, ST, and QP on a regular basis.
At least now our biggest concern is how much crap we're going to have to take with the Notes/Domino bashing, cause this is what is going to happen. I wish I still had my Exchange server up still to see how this is going to hit the Outlook Web Access folks.
So, getting ready for June IE cumulative updates, what sense does it make for Microsoft to next release an optional Compatibility Patch which will restore previous Internet Explorer ActiveX behavior only until they update this again until the next IE cumulative security update?!?!?!
Looks like Lotus has learned its lesson in creating a product that was so tightly integrated to a single vendor's browser. Don't get me wrong, DWA is light-years better than Web Mail, but we always felt that the R5 & ND 6.x implementation of iNotes/DWA seemed to contradict Lotus' SOP of being OS agnostic.
Hey, we can just upgrade to 7.0x!